Trusted access to third party applications systems and methods

US 8,863,252 B1
Filed: 07/25/2012
Issued: 10/14/2014
Est. Priority Date: 07/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method of downloading trusted content, comprising:

building a request for a trusted content while executing in a secure partition of a first mobile device trusted security zone of a mobile device;

responsive to executing in the secure partition of the first mobile device trusted security zone, stopping execution of a normal partition of the mobile device;

sending, by the mobile device, the request for the trusted content to a server, wherein the server comprises a server trusted security zone that at least partly handles the request for the trusted content;

receiving, by the first mobile device trusted security zone, the trusted content, wherein the trusted content comprises a trust token that contains information about the server trusted security zone and about the transmission of the trusted content;

storing the trusted content in a second mobile device trusted security zone of the mobile device;

inspecting the trusted content in the second mobile device trusted security zone, wherein inspecting the trusted content in the second mobile device trusted security zone comprises analyzing the trust token and comparing the trust token to a predefined trust criterion; and

responsive to the trusted content passing inspection, at least one of executing at least a portion of the trusted content by the first mobile device trusted security zone or presenting at least a portion of the trusted content by the first mobile device trusted security zone on a display of the mobile device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of downloading trusted content. The method comprises sending by a mobile device a request for a trusted content to a server, wherein the mobile device comprises a first mobile device trusted security zone and builds the request while executing in the first mobile device trusted security zone and wherein the server comprises a server trusted security zone and wherein the server handles the request for the trusted content at least partly in the server trusted security zone. The method comprises receiving the trusted content by the first mobile device trusted security zone, storing the trusted content in a second mobile device trusted security zone of the mobile device, inspecting the trusted content in the second mobile device trusted security zone, and when the trusted content passes inspection, at least one of executing or presenting a portion of the trusted content by the first mobile device trusted security zone.

Citations

18 Claims

1. A method of downloading trusted content, comprising:
- building a request for a trusted content while executing in a secure partition of a first mobile device trusted security zone of a mobile device;
  
  responsive to executing in the secure partition of the first mobile device trusted security zone, stopping execution of a normal partition of the mobile device;
  
  sending, by the mobile device, the request for the trusted content to a server, wherein the server comprises a server trusted security zone that at least partly handles the request for the trusted content;
  
  receiving, by the first mobile device trusted security zone, the trusted content, wherein the trusted content comprises a trust token that contains information about the server trusted security zone and about the transmission of the trusted content;
  
  storing the trusted content in a second mobile device trusted security zone of the mobile device;
  
  inspecting the trusted content in the second mobile device trusted security zone, wherein inspecting the trusted content in the second mobile device trusted security zone comprises analyzing the trust token and comparing the trust token to a predefined trust criterion; and
  
  responsive to the trusted content passing inspection, at least one of executing at least a portion of the trusted content by the first mobile device trusted security zone or presenting at least a portion of the trusted content by the first mobile device trusted security zone on a display of the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising creating the second mobile device trusted security zone in response to receiving the trusted content by the first mobile device trusted security zone, wherein the second mobile device trusted security zone is provided in a virtual processor of the mobile device.
  - 3. The method of claim 1, wherein inspecting the trusted content in the second mobile device trusted security zone comprises decrypting the trusted content in the second mobile device trusted security zone.
  - 4. The method of claim 1, wherein inspecting the trusted content in the second mobile device trusted security zone comprises at least one of scanning at least part of the trusted content with a virus scanning tool, performing a cyclic redundancy check on at least part of the trusted content, performing a checksum on at least a part of the trusted content, and executing instructions contained in the trusted content and comparing the execution behavior of the executed instructions to a manifest provided in the trusted content.
  - 5. The method of claim 1, further comprising responsive to the trusted content passing inspection, storing at least a portion of the trusted content in a trusted memory partition of the mobile device.
  - 6. The method of claim 5, wherein one of a cyclic redundancy check data provided in the trusted content or a checksum data provided in the trusted content is stored in the trusted memory partition of the mobile device.
  - 7. The method of claim 5, wherein a data segment portion of the trusted content is stored in the trusted memory partition of the mobile device.
  - 8. The method of claim 1, further comprising:
    - receiving a second trusted content, wherein the second trusted content designates trusted execution;
      
      based on the designation for trusted execution of the second trusted content, executing a browser plug-in in a trusted security zone of the mobile device, wherein responsive to the browser plug-in executing in the trusted security zone of the mobile device, applications are prevented from executing in the normal partition;
      
      translating, by the browser plug-in, a form content of the second trusted content to a trusted form content;
      
      presenting, by the browser plug-in, the trusted form content on a display of the mobile device;
      
      receiving, by the browser plug-in, user input directed to the trusted form content from a user interface; and
      
      transmitting the user input to complete a confidential transaction.
  - 9. The method of claim 8, wherein the browser plug-in is configured for use with a plurality of different browser applications.
  - 10. The method of claim 8, wherein the form content is received as part of one of a hypertext markup language (HTML) document or an extensible markup language (XML) document.
  - 11. The method of claim 8, further comprising:
    - encrypting, by the browser plug-in, the user input; and
      
      providing, by the browser plug-in, the encrypted user input to a browser executing in the normal partition, wherein the browser transmits the encrypted user input to complete the confidential transaction.
  - 12. The method of claim 8, further comprising encrypting, by the browser plug-in, the user input, wherein the browser plug-in transmits the encrypted user input to complete the confidential transaction.
  - 13. The method of claim 8, further comprising presenting, by the browser plug-in, at least a portion of the content on a display of the mobile device, wherein the portion of the content comprises at least one of a medical record, medical diagnostic information, or medical treatment information.
  - 14. The method of claim 1, further comprising:
    - receiving, by the server, the trusted content and trust credentials associated with the trusted content;
      
      validating, by the server, the trust credentials associated with the trusted content;
      
      when the trust credentials associated with the trusted content are deemed valid, storing the trusted content;
      
      receiving, by the server, the request for the trusted content and trust credentials associated with the request;
      
      validating, by the server, the trust credentials associated with the request; and
      
      when the trust credentials associated with the request are deemed valid, sending, by the server, the trusted content to the mobile device.
  - 15. The method of claim 14, wherein the trust credentials associated with the trusted content comprise a trust token that contains information about a trusted end-to-end communication link by which the trusted content was received by the server.
  - 16. The method of claim 14, wherein the trust credentials associated with the trusted content further comprises information that promotes validating the integrity of the trusted content.
  - 17. The method of claim 14, wherein the server sends the trusted content to the mobile device via a trusted end-to-end communication link.
  - 18. The method of claim 14, wherein the server stores the trusted content and the trust credentials associated with the trusted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Katzer, Robin D., Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Dada, Beemnet
Assistant Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US13/557,213
Time in Patent Office

811 Days
Field of Search

726/6, 726/2, 726/12, 726/1, 726/3, 726/5, 726/18, 726/22, 726/23, 726/24, 713/169, 713/175, 713/152, 713/168, 713/171, 713/172, 709/219, 709/226, 709/217, 709/206, 709/224, 455/411, 705/71
US Class Current

726/5
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04W 12/086   using security domains

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

Trusted access to third party applications systems and methods

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted access to third party applications systems and methods

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links